They need to add HTTPS, post-haste. My Chrome is persistently warning me that signing in is not secure.
It would probably also help protect the admins from "watering hole" attacks that could be used to inject more malicious crap in the future.
And considering most of this malicious stuff is likely hosted on plaintext sites, going HTTPS would make it more difficult for hackers to deliver the content.